Managing network device credentials:
The central server/distribution server uses two types of protocols to perform various operations on network devices. Below we see what they are and what function they serve.
While scanning network devices, the central server uses SNMP to query them for device identification information. It uses this information to determine the device type, vendor, series, and model. With these details, the central server retrieves the firmware version detection command, since it differs with every vendor and device. The central server then uses the SSH command-line utility to run the firmware version detection command on the devices. Once the firmware versions of the devices are detected, the corresponding vulnerabilities are correlated for every device. During patch deployment, the central server also runs a series of commands using the SSH command-line utility to deploy patches to vulnerable devices.
The above operations require authentication with administrative SNMP and SSH credentials on managed network devices. Since many of the devices may share some common credentials, you can add them once in the Network Device Credentials view and map the appropriate credentials to any associated device in the managed devices view.
Note:
Both SNMP and SSH must be configured and enabled in the network devices as a prerequisite.
Adding SNMP credentials:
Prerequisite: SNMP agent must be configured and enabled in the network device.
Based on the SNMP version you've configured in the network device, the type of credentials you need to supply might vary.
- Go to Network Devices > Network Device Credentials.
- Click on "Add Credentials".
- In the Add Credential dialog box, for Credential type choose either SNMP version v1/v2 or SNMP version v3 depending on the SNMP version you've configured in the network devices.
- If you wish to add a credential for network devices configured with SNMP version 1 or version 2, select SNMP version v1/v2 and supply the following credentials (Credential Item/Component: Description):
  - Credential Name*: This is a unique name given by the user while adding the credential.
  - SNMP Port*: Unless changed by the user, the port number of SNMP is 161 by default.
  - Read Community*: The SNMP Read Community string is like a user id or password that allows Read-only access to the device.
  - Write Community: The SNMP Write Community string is like a user id or password that allows Read and Write access to the devices. This is optional.
- Once you've provided the above details, click Save to successfully add the SNMP credential to the Network Device Credentials view.
- If you wish to add a credential for network devices configured with SNMP version 3, select SNMP version v3 and supply the following credentials (Credential Item/Component: Description):
  - Credential Name*: This is a unique name given by the user while adding the credential.
  - SNMP Port*: Unless changed by the user, the port number of SNMP is 161 by default.
  - User Name*: User Name is used by SNMP as a community string to log into the device when authentication is not configured.
  - Context Name: An SNMP context name, or 'context' in short, is a collection of management information accessible by an SNMP entity. An item of management information may exist in more than one context. An SNMP entity potentially has access to many contexts. In other words, if an item of management information has been defined under a certain context by an SNMPv3 entity, then any management application can access that information by giving that context name. The 'context name' is an octet string, which has at least one item of management information.
  - Authentication Protocol/Authentication Password: For authentication protocol, select either MD5 or SHA and enter the corresponding password. MD5 and SHA are processes which are used for generating authentication/privacy keys in SNMP v3 applications.
  - Privacy Protocol/Privacy Password: For encryption protocol, select either DES or AES-128 and enter the corresponding password. Note: Encryption can be configured only after Authentication has been configured.
- Once you've provided the above details, click Save to successfully add the SNMP credential to the Network Device Credentials view.
Credential components marked with "*" are mandatory fields.
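A pre-flight check for the SNMP credential fields described above, written as an added example (not the product's code); the dictionary keys are hypothetical names for the form fields. It enforces the mandatory fields and the authentication-before-encryption rule, and flags the weaker options the form permits.

```python
# Keys are hypothetical names for the form fields above, not a product API.
DEFAULT_COMMUNITIES = {"public", "private"}  # widely known default strings

def check_snmp_credential(cred):
    """Return (errors, warnings) for one credential profile given as a dict."""
    errors, warnings = [], []
    version = cred.get("version")
    if version not in ("v1/v2", "v3"):
        return [f"unknown SNMP version: {version!r}"], warnings
    # Fields marked "*" in the form are mandatory.
    required = ["credential_name", "snmp_port"]
    required.append("read_community" if version == "v1/v2" else "user_name")
    errors += [f"missing mandatory field: {f}" for f in required if not cred.get(f)]
    port = cred.get("snmp_port")
    if port and not (isinstance(port, int) and 1 <= port <= 65535):
        errors.append("snmp_port must be an integer from 1 to 65535")
    if version == "v1/v2":
        # SNMP v1/v2c sends community strings over the network in cleartext.
        warnings.append("community strings are sent unencrypted")
        for field in ("read_community", "write_community"):
            if str(cred.get(field, "")).lower() in DEFAULT_COMMUNITIES:
                warnings.append(f"{field} is a well-known default")
        return errors, warnings
    auth, priv = cred.get("auth_protocol"), cred.get("priv_protocol")
    if auth and auth not in ("MD5", "SHA"):
        errors.append("auth_protocol must be MD5 or SHA")
    if priv and priv not in ("DES", "AES-128"):
        errors.append("priv_protocol must be DES or AES-128")
    for kind, proto in (("auth", auth), ("priv", priv)):
        if proto and not cred.get(f"{kind}_password"):
            errors.append(f"{kind}_protocol set without {kind}_password")
    if priv and not auth:
        # The form only allows encryption once authentication is configured.
        errors.append("privacy configured without authentication")
    if not auth:
        warnings.append("no authentication configured")
    elif not priv:
        warnings.append("no privacy: SNMP payloads are not encrypted")
    for chosen, better in ((auth, "SHA"), (priv, "AES-128")):
        if chosen in ("MD5", "DES"):
            warnings.append(f"{chosen} selected; {better} is the stronger option offered")
    return errors, warnings

# Constructed sample profile (values invented): privacy without authentication.
SAMPLE_V3 = {"version": "v3", "credential_name": "core-v3", "snmp_port": 161,
             "user_name": "nms", "priv_protocol": "AES-128", "priv_password": "x"}
```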
Adding SSH credentials:
Prerequisite: SSH server must be configured and enabled in the network device.
- Go to Network Devices > Network Device Credentials.
- Click on "Add Credentials".
- In the Add Credential dialog box, for Credential type choose SSH and supply the following credentials (Credential Item/Component: Description):
  - Credential Name*: This is a unique name given by the user while adding the credential.
  - User Name*: This is the SSH user name used for logging in to the device.
  - Password*: This is the SSH password used for logging in to the device.
  - Prompt*: The prompt value indicates the beginning and end of a command execution in a command line interface. The symbol > matches the prompt value '>'. The symbol >|#|$ matches the prompt value '>' or '#' or '$'. The prompt value can also take any alphanumeric characters followed by a colon ':'.
  - Enable Username: "Enable" credentials are required to access the device in privileged mode. To run certain commands, the user must be able to access the device in privileged mode. When trying to access the device in privileged mode, some devices may require an appropriate username to be entered. Provide the username if prompted; otherwise, leave this field empty.
  - Enable Password: "Enable" password is required to access the device in privileged mode.
  - Enable Prompt: This refers to the prompt value in privileged/enable mode. By default the value is set as #.
- Once you've provided the above details, click Save to add the SSH credential to the Network Device Credentials view successfully.
Credential components marked with "*" are mandatory fields.
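How a prompt value delimits command output in an SSH session, as an added example (not the product's code). The function names, the literal and end-anchored reading of the prompt value, and the sample transcript are assumptions of this example.

```python
import re

def compile_prompt(prompt_value):
    """Build a matcher for a prompt value such as '>' or '>|#|$'.

    Assumption of this example: each '|'-separated alternative is literal
    text ('$' is a dollar sign, not a regex anchor) and only counts when it
    is the last thing received, apart from trailing spaces.
    """
    alternatives = [re.escape(p) for p in prompt_value.split("|") if p]
    if not alternatives:
        raise ValueError("prompt value is empty")
    return re.compile(r"(?:%s)[ \t]*\Z" % "|".join(alternatives))

def read_command_output(chunks, command, prompt_value):
    """Collect received chunks until the prompt reappears.

    Returns the output lines between the echoed command and the prompt, or
    None if the stream ends first (the symptom of a wrong prompt value).
    """
    matcher = compile_prompt(prompt_value)
    buffer = ""
    for chunk in chunks:
        buffer += chunk
        if matcher.search(buffer):
            lines = buffer.replace("\r", "").split("\n")
            if lines[0].strip() == command:
                lines = lines[1:]  # drop the echoed command
            return [ln for ln in lines[:-1] if ln.strip()]  # drop prompt line
    return None

# Constructed transcript (hostname and version text invented for illustration).
# Note the '#' inside the output: an unanchored search would stop there.
SAMPLE_CHUNKS = [
    "show version\r\n",
    "Software Version 1.2.3, build #4567\r\n",
    "Uptime is 3 days\r\n",
    "switch01#",
]

if __name__ == "__main__":
    print(read_command_output(SAMPLE_CHUNKS, "show version", ">|#|$"))
    print(read_command_output(SAMPLE_CHUNKS, "show version", ">"))
```

With the prompt value `>` the sample session never reaches a match, which in a live session would show up as a command that never completes.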
Once you've added the SNMP and SSH credentials to the Network Device Credentials view, you can map them to corresponding devices in the managed devices view. Learn how to map network device credentials.
Modifying Credentials:
If credential values change in the future, you can edit them in the Network Device Credentials view.
- Go to the Network Device Credentials view.
- Select a credential and click on the dotted button under the Action column.
- Now select Modify and change the desired value of any component of the credential.
- Click Modify to update those changes successfully.
Deleting Credentials:
If the credentials are invalid or have become obsolete, you can delete them from the Network Device Credentials view.
- Go to the Network Device Credentials view.
- Select a credential and click on the dotted button under the Action column.
- Now select Delete to successfully delete the credential.